FRIHOST FORUMS SEARCH FAQ TOS BLOGS COMPETITIONS
You are invited to Log in or Register a free Frihost Account!


Web security testing





sathiyasri
I have been assigned with a project of testing web based application(login screen) having user name & password field.The page is .asp & using IIS server.

I have to test it security whether it provides information which could be used to exploit its security.

Whether the application login is SQL injection proof.

Whether the application login is HTML injection proof.

I have knowledge of sql & know injection funda but could not go through. So kindly let me know how to test this & what are different ways through which this can be tested with examples.
Antoine_935
I don't know enough about SQL injection
But HTML injection should be XSS security holes.

imagine a simple form
Code:

<form action="thisPage.asp" method="post">
<input type="text" value="lastPostedValue" name="search" />
<input type="submit" value="Search" />
</form>


See, input name text, value is "lastPostedValue" (i-e the value the user posted last time)
Let's test something.
Send
Code:
" name="search" /><script>alert("hello, this is a security hole")</script>

would give this:
Code:

<form action="thisPage.asp" method="post">
<input type="text" value="" name="search" /><script>alert("hello, this is a security hole")</script>" name="search" />
<input type="submit" value="Search" />
</form>


User is able to execute script as he wants.
These security holes can be used to get session id and other privacy informations from innocents victims. That's why they are to be deleted.

SQL injection is something like this, but with SQL code.
There should be some function like "sql_escape_string" to fix data

I hope it will help you Wink
deepak
sql injection can be fixed by replacing escaping chars in SQL. This remind me of something which i designed 2 years ago .. you should see it .. its pretty much securer application in ASP with encryption in allmost all levels. http://www.planet-source-code.com/vb/scripts/ShowCode.asp?txtCodeId=9003&lngWId=4
ninjakannon
One quick question, what is SQL injection? And HTML injection, for that matter? Shocked

EDIT: OK, I know that's 2 questions, but I didn't initialy plan for that.
yy1124
ninjakannon wrote:
One quick question, what is SQL injection? And HTML injection, for that matter? Shocked

EDIT: OK, I know that's 2 questions, but I didn't initialy plan for that.


With SQL injetcion people can crack in to your database and do whatever he wants;

I am not so sure bout the impact of HTML injection though, this is the first time I heard of it, according to antoine they can execute any script they wants?
ninjakannon
Ok thanks, yy1124.

I'm using php with a MySQL database, I'm assuming that it's - although tricky - not terribly hard for someone who knows about it to crack the database. So how would I stop SQL injection here, anyone know?
deepak
Check your all variables before passing to SQL queries like if you want to select password from a table users

$myvar = $_GET['user'];

SELECT * FROM USER WHERE USERNAME = $myvar

if $myvar = " -- " which is a escape sequence for sql it'll execute

SELECT * FROM USER WHERE USERNAME =

but thanks for MYSQL it automatically handle these kind of small stuff!
rohan2kool
thanks a lot pal.. especially Antoine_935. I was searching for XSS since a long time. thanks a lot m8.

rohan
Related topics
(official) IE 7 Topic
Web Services Enhacements security
How to Set up Local Web Server
No website is secure from this man
Php Mysql security testing
Why do you use your current operating system?
What kind of OS do you prefer
Home Server
Need Wordpress Theme Done
serve them right
Opera 10.52 is Freaky Fast
security for free web hosting
Logon as Administrator - Windows 7 Home Premium
Running an online community
Reply to topic    Frihost Forum Index -> Scripting -> Others

FRIHOST HOME | FAQ | TOS | ABOUT US | CONTACT US | SITE MAP
© 2005-2011 Frihost, forums powered by phpBB.